Logo for TENEX.AI

Staff Threat Hunter

Role overview

Qualifications

  • 8+ years in threat hunting, security operations (SOC), or incident response, with at least 3 years in a senior/lead capacity
  • Deep hands-on experience conducting hypothesis-driven hunts across SIEM and EDR telemetry in enterprise or MDR environments
  • Hands-on hunting experience in Google SecOps / Chronicle, or equivalent cloud-native SIEM (Sentinel, Splunk Cloud) with willingness to standardize on Chronicle
  • Proficiency in scripting with Python and/or PowerShell for hunt tooling, telemetry parsing, and detection automation

Responsibilities

  • Lead proactive, hypothesis-driven hunts across SIEM, EDR, network, and identity telemetry to surface automated detection misses.
  • Own the hunt methodology: build, document, and refine playbooks; decide what gets hunted, cadence, and how findings convert into permanent detections.
  • Drive the detection engineering partnership by turning hunt findings into production rules and analytics in Google SecOps / Chronicle.
  • Lead complex incident investigations when a hunt reveals an intrusion and report program outcomes to customers and internal stakeholders.

About the company

TENEX.AI logo

TENEX.AI

TENEX is a cybersecurity company leveraging advanced artificial intelligence and human expertise to transform enterprise security. Backed by Andreessen Horowitz (a16z) and Shield Capital, TENEX’s flagship offering is a next-generation Managed Detection and Response (MDR) service, transforming how organizations detect and respond to threats. With deep expertise in Google and Microsoft security ecosystems and state-of-the-art AI capabilities, TENEX empowers enterprises to enhance threat detection, agility, and resilience while maximizing the value of their security investments.

Company details

Company size11 - 50

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Company Overview: TENEX is an AI-native, automation-first, built-for-scale Managed Detection and Response (MDR) provider. We are a force multiplier for defenders, helping organizations enhance their cybersecurity posture through advanced threat detection, rapid response, and continuous protection. Our team is composed of industry experts with deep experience in cybersecurity, automation and AI-driven solutions. Backed by leading investors, we are rapidly growing and seeking top talent to join our mission of revolutionizing the AI-Native MDR landscape.

We're a fast growing startup backed by industry experts and top tier investors led by Crosspoint Capital Partners and also backed by Shield Capital, DTCP (formerly Deutsche Telekom Capital Partners), Deepwork Capital, and the Florida Opportunity Fund. Seed round led by Andreessen Horowitz (a16z). As an early employee, you'll play a meaningful role in defining and building our culture. Get in on the ground floor. We're a small but well-funded team that just raised a substantial round – joining now comes with limited risk and unlimited upside.

Culture is one of the most important things at TENEX.AI—explore our culture deck at culture.tenex.ai to witness how we embody it, prioritizing the irreplaceable collaboration and community of in-person work.

About the Opportunity: As Staff Threat Hunter, you'll own how TENEX hunts — the methodology, the tooling, the hypotheses, and the conversion of hunt findings into production detections. You'll work across multi-tenant MDR telemetry in Google SecOps / Chronicle, partnering with detection engineering to close the gaps automated alerting misses. This is a senior IC role — you set the technical direction for how hunting works at TENEX. Reports to the VP, Security.

What You'll Do:

  • Lead proactive, hypothesis-driven hunts. Run investigations across SIEM, EDR, network, and identity telemetry to surface the threats automated detection misses.

  • Own the hunt methodology. Build, document, and refine the playbooks the team runs from. Decide what gets hunted, on what cadence, and how findings convert into permanent detections.

  • Drive the detection engineering partnership. Work directly with detection engineers to turn hunt findings into production rules and analytics in Google SecOps / Chronicle.

  • Operationalize Threat Intelligence. Track adversary TTPs relevant to our customer base, prioritize what matters, and translate intel into hunt hypotheses.

  • Mentor SOC analysts and junior hunters. Pair on investigations, lead technical deep-dives, and grow the team's hunt capability.

  • Lead complex incident investigations. When a hunt surfaces a real intrusion, run the technical investigation alongside incident response through containment.

  • Report on program outcomes. Communicate findings to customers and internal stakeholders — what was found, what was contained, where the detection coverage gap was, and what we changed.

What You Bring:

  • 8+ years in threat hunting, SOC, or incident response, with at least 3 in a senior/lead capacity

  • Deep hands-on experience running hypothesis-driven hunts across SIEM and EDR telemetry in enterprise or MDR environments

  • Hands-on hunting experience in Google SecOps / Chronicle, or equivalent cloud-native SIEM (Sentinel, Splunk Cloud) with willingness to standardize on Chronicle

  • Strong command of attacker TTPs and MITRE ATT&CK — you can map an intrusion from initial access through impact and explain the detection gap at each stage

  • Scripting fluency in Python and/or PowerShell for hunt tooling, telemetry parsing, and detection automation

Bonus Points:

  • Microsoft security stack (Sentinel, Defender) depth

  • SOAR platform experience (Tines, XSOAR, Chronicle SOAR)

  • Cloud security depth in AWS, Azure, or GCP, including cloud-native attack patterns

  • Published research, conference talks, or open-source contributions in threat hunting or detection engineering

Education & Certifications:

  • Bachelor's degree in Computer Science, Cybersecurity, or Engineering, or a related field (or equivalent experience).

  • Relevant certifications such as GCIH, GCFA, GCDA, OSCP, CISSP, AWS / GCP, or Splunk / Chronicle / Sentinel certifications are a plus.

Why Join Us?

  • Opportunity to define the threat hunting practice at an automation-first MDR provider — your methodology becomes the standard our customers run on.

  • Collaborate with a talented and innovative team focused on continuously improving security operations.

  • Competitive salary and benefits package.

  • A culture of growth and development, with opportunities to expand your knowledge in AI, cybersecurity, and emerging technologies.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Related jobs

Other jobs at TENEX.AI

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.